The present invention lies in the field of making secure a computer application that is being executed on a terminal.
More precisely, the invention lies in the field of making secure computer applications that ask a user to input sensitive data, e.g. a password or a personal identification number (PIN).
The computer application in question is created by an application supplier. The invention seeks to prevent a fraudulent application created by a dishonest third party from obtaining such data when it is input by the user.
In this context, a particular problem has been identified: a fraudulent application, introduced into a terminal unbeknown to the user, runs as a background task on the terminal and superimposes a fraudulent input display on the input display of the pirated application. The fraudulent display is an exact copy of the pirated input display and is intended to discover the data that is input by the user.
In the present state of the art, security mechanisms are known that seek to combine the display for inputting sensitive data with an image that is known to the user.
Unfortunately, the security provided by such mechanisms is not sufficient, since the application supplier cannot guarantee the authenticity of the known image.
The invention proposes a security method and a terminal implementing the method that correct certain vulnerabilities of the above-mentioned prior art method.